Author

Topic: Asking DEVS to provide some defense against "Concentration"/Robbery attacks (Read 1242 times)

sr. member
Activity: 336
Merit: 260
That's a long wall of text, sorry, I will answer only one question.

Quote
Why not cater to everybody?

Because you can't. Crypto currencies are not for everyone, because they imply responsibility on the part of users. If users are irreponsible with their finances, they need to use banks to keep their money for them. Everybody will never be responsible, humans are all different and are not equal in that aspect. That's why cryptos can't cater to everybody, whether we like it or not. We have to accept this fact and live with it, and educate people about being their own banks and not trust third party to keep their funds for them. That's all we, as a crypto community, can do. But in the end, everyone will be their own success or failure, depending on whether they learn from others' and their own experience or not learn from it.
sr. member
Activity: 371
Merit: 250
Don't store funds at exchanges, be your own bank. It's as simple as that. If you need to trade, deposit, buy/sell, withdraw, all within an hour, don't keep funds at exchanges longer. Exchanges are a point of failure. Cryptos are quite vulnerable due to various factors as is. Why add another danger by keeping funds at exchanges is beyond my understanding.

Yep i agree that is the general consensus and if follow it.

But one of the problems Bitcoin has for bigger adoption from investors is the lack of liquidity and it will continue like that if people is not free to do as they want.
Also if you ask any group of individuals to forget about what they want to do in crypto, they won't join or have a lower rate of adoption (in this case very short term investors or maybe traders).
Why not cater to everybody?

Multisig would solve that and in the special cases where one account transfer can destroy a whole economy i think at least it should be mandatory.
Listen to Let's talk bitcoin episode about Armory. Companies DEMAND some multisig possibilities for their wallets.

At the moment i think there are not many more options but only armory on bitcoin.

Maybe while more security options appear around the many different wallets and the many different coins, allowing multisig some security could be implemented in the protocol so there are some limitations for huge amounts of money that can kill a coin entirely >1%

I don't see armory forks for every single altcoin appearing in the cryptoworld in the short term. And even if they appear what if one exchange is using a specific library and it is not using an armory-like wallet.

Just wondering. Would be so difficult to add in the protocol itself that when one transfer is bigger than a specific amount of the available coins, there is a time delay or some kind of verification is needed after 100 blocks?

Anyway i am not an expert, i just wanted to open a thread for this issue to be considered.

I cannot recall how many hacks we had already in the crypto world and a time delay mechanism that was already there in the Real Wild West (1800+) Banks could do miracles to avoid this kind of things.

Is it so difficult to add a two factor authentication for crypto wallets? bitcoin-qt and all their alts, etc.? That would do miracles aswell.

While more advanced security features come, Is a mail verification mandatory for any transaction bigger than 1% of the total coins sent from the very same crypto wallet very difficult? because vericoin and nxt problems would have been solved just with that i guess.
sr. member
Activity: 336
Merit: 260
Don't store funds at exchanges, be your own bank. It's as simple as that. If you need to trade, deposit, buy/sell, withdraw, all within an hour, don't keep funds at exchanges longer. Exchanges are a point of failure. Cryptos are quite vulnerable due to various factors as is. Why add another danger by keeping funds at exchanges is beyond my understanding.
sr. member
Activity: 371
Merit: 250
Thanks,

As posted in nxt forum

This huge robbery of concentrated amounts of money are even worse than 51% attacks and yet still not even one cryptocoin has developed some kind of defense against this kind of attack.

One robber steals a huge amount from an exchange or any address with a huge amount of funds and:

1- Developers lose hundreds of hours of dedicated job on their child watching how it gets inpopular and loses years in adoption timeframe
2- Exchanges lose the business. Maybe jobs are lost. Maybe customer funds are seized.
3- All crypto community show a bad image. Press talks about the crypto "wild west".
4- More scammers and hackers come into the fest as it could be pretty easy to find a vulnerability on a system with no verification. Just hack in and get the huge amount in one hour
5- It is a call for regulation from states. The perfect excuse
6- It delays adoption. Crypto gets a huge bad press. -> Crypto is unsafe. Your hard earned money is unsafe.

That is the worse that can happen with your savings for many many people. They won't care if you scan it with a fancy mobile or if it p2p. Not many leave their savings below a rock in the park.

It is ridiculous that so much time is spent on many improvements while there is one vulnerability in most cryptos that is far worse than a 51% attack -> Get your coin instadestroyed just because one guy did not updated their adobe software.

Multisig should be absolutely mandatory for any account with a big amounts of fund. Or some kind of time lock of X blocks where a second password is needed to verify that that transaction is really desired.
From the jungles in the Amazon to any king during history, anyone moving a huge amount of money, would have it guarded and every step checked here and there many many times before the transaction or the transport is done.

In this case the digital-instant transfer speed is our enemy and developers should address this fast.

My two cents.
full member
Activity: 182
Merit: 100
KryptKoin is one of the best!!!
You brought on something important to discuss. I suggest you to send message to some devs to make this thread been seen.
legendary
Activity: 1232
Merit: 1000
Multisig, education & a couple more years experience.
sr. member
Activity: 371
Merit: 250
Again. Now 50 million NXT stolen from BTER. Bter exchange could be gone with many people's funds. Crypti IPO aswell and the NXT community could suffer hugely with a 50 million loss or even bitcoin with a huge loss if that amount is sold.

Something must be done.
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
sr. member
Activity: 371
Merit: 250
Just some thoughts,

After the latest robbery on Mintpal where a big amount of Vericoin have been stolen putting the vericoin economy and or the exchange itself on risk, the Vericoin development team has decided to follow what could be a bad precedent not only for Vericoin, but for any/all cryptocoins, that is, forking a blockchain to avoid undesired "problems", in this case the robbery of a huge amount of coins.

Actual cryptocoins provide some means of defense against many different attacks. I am wondering and this is the reason of this post, if some kind of defense could be added by the different altcoin development teams to reduce the risk or the viability of one robber stealing a huge amount of coins from an exchange.

Maybe something like not allowing by code/coin protocol to move from a public address more than a 5% of the total coins mined to date unless more than 100 blocks (or some time) has passed.
Maybe another possible idea would be to require the lock during 100 blocks any address holding more than 5% of the total coins mined.
Maybe require a second security key to be provided 100 blocks after the movement of the initial big amount of coins...
Maybe some Multisig implementation obliged for bigger amounts.

...

Well, sure there are wonderful ideas way better than those from dev imaginative minds, this was just a thought about the importance of exchange robberies, and that they should also be considered as "attacks", and maybe could be even more dangerous than a 51% attack.

TLDR: Devs, your own coin might be at risk and might not survive if one day, one exchange is attacked and no thinking/means has been placed to minimize those risks. People savings are also at risk, and exchanges aswell. I think this problem should be addressed.

Thoughts?

Cheers,


PD: I don't have any vericoin, although i think it is a pretty interesting project.
Jump to: